CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

only import ZEEKMERGED if a sensor type node

Browse Source
This commit is contained in:
m0duspwnens
2023-08-08 09:27:03 -04:00
parent 5278601e5d
commit 609a2bf32e
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/telegraf/map.jinja
View File

@@ -6,10 +6,12 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'telegraf/defaults.yaml' as TELEGRAFDEFAULTS %}
{% set TELEGRAFMERGED = salt['pillar.get']('telegraf', TELEGRAFDEFAULTS.telegraf, merge=True) %}
{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
{# if the md engine isn't zeek or zeek is disabled, dont run the zeek scripts for telegraf #}
{% if (GLOBALS.role in ['so-eval', 'so-standalone', 'so-sensor', 'so-heavynode']) and (GLOBALS.md_engine != 'ZEEK' or not ZEEKMERGED.enabled) %}
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekloss.sh') %}
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekcaptureloss.sh') %}
{% if GLOBALS.role in ['so-eval', 'so-standalone', 'so-sensor', 'so-heavynode'] %}
{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
{# if the md engine isn't zeek or zeek is disabled, dont run the zeek scripts for telegraf #}
{% if GLOBALS.md_engine != 'ZEEK' or not ZEEKMERGED.enabled %}
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekloss.sh') %}
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekcaptureloss.sh') %}
{% endif %}
{% endif %}